May 28, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2026-8809 The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation v...

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2026-9872 Google Chrome memory safety

  • CVSS 9.6

New critical Google Chrome memory safety (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2026-9875 Google Chrome memory safety

  • CVSS 9.6

New critical Google Chrome memory safety (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2026-8809 CVSS 9.8

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up...

CVE-2026-9872 CVSS 9.6

Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox...

CVE-2026-9874 CVSS 9.6

Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a c...

CVE-2026-9875 CVSS 9.6

Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbo...

CVE-2026-9876 CVSS 9.6

Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox es...

CVE-2026-9881 CVSS 9

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicio...

CVE-2026-9886 CVSS 9.6

Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape...

CVE-2026-9891 CVSS 9

Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process...

CVE-2026-9918 CVSS 9.6

Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox...

CVE-2026-9967 CVSS 9.6

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via...

View critical disclosures

cvelogic Threat Intelligence